Re: SET SESSION AUTHORIZATION (was Re: Real/effective user)

On Sat, Apr 21, 2001 at 05:43:02PM +0200, Peter Eisentraut wrote:

> I have implemented this; it seems to do what we need:
> 
> $ ~/pg-install/bin/psql -U peter
> 
> peter=# set session authorization 'joeblow';
> SET VARIABLE
> peter=# create table foo (a int);
> CREATE
> peter=# \dt
>     List of relations
>  Name  | Type  |  Owner
> -------+-------+---------
>  foo   | table | joeblow
>  test  | table | peter
>  test2 | table | peter
> (3 rows)

Great! With this feature is possible use persisten connection and 
on-the-fly changing actual user, right? It's very useful for example
web application that checking user privilege via SQL layout.

I have I question, what happen with this code:

(connected as superuser)
set session authorization 'userA';set session authorization 'userB';

IMHO it must be disable, right must be something like:
set session authorization 'userA';unset session authorization;        <-- switch back to superuser   set session
authorization'userB';
 

..like as on Linux:

# su - zakkr
$ id -u
1000
$ su - jmarek
Password:
su: Authentication failure
Sorry.
        Karel

-- Karel Zak  <zakkr@zf.jcu.cz>http://home.zf.jcu.cz/~zakkr/C, PostgreSQL, PHP, WWW, http://docs.linux.cz,
http://mape.jcu.cz